Topic: How do you prefer to log in? (Read 9394 times)

Mycelium and, I believe, Trezor now support BitID.
https://github.com/bitid/bitid

Please vote in the poll at the top of the page. Still zero votes for Facebook.


Two factor does help security some.

How to turn on two-factor authentication for some OpenID providers: https://bitcointalksearch.org/topic/m.4892396

Open ID is easy enough, but I do think that two factor adds security although its inconvenient at times..

facebook

On my pool ~20% of the active miners are address based, so yeah certainly allowing both address based and login account based is pretty much mandatory IMO.

I couldn't agree more. 

Personally I like an aesthetically pleasing and practical interface therefore wallet address systems are out, login or public platforms.

Everyone knows how to create a username and password so why change something that works. Add a little 2FA for security and your set.

Name and password + second factor all the way, typically with Google Auth or SMS.

No complex centralized login needed (username/password as payout address, is a nice safe decentralized solution) don't think the entire website need to be public cause of that)
- that got my 2 cents, all day long.

Why use centralized controls when you don´t need to?
and for all who don't like to use centralized US tracking services it would be nice to at least have this option ..

Keep up the good work fellow Northman.

PS: don't eat to much Haribo...  not all dentists take BTC :-)

That's a great solution if you've got a reasonable amount of power, but for some of us, payments would be a bit dusty.

IMO best option would be "No login (user name is payout address, entire website is public)". Why would a user need to login if there is no need to withdraw manually?. Just set an automatic payment (similar to Eligius) and make all stats public.

No, I'm fine with Google products generally, just not authenticator. Much prefer to use a Yubikey.

If it raises your hackles to use "google" anything, see alternative implementations of authenticator in this version of the wiki article (current, but some wikidiot keeps removing the 3rd party stuff periodically) http://en.wikipedia.org/w/index.php?title=Google_Authenticator&oldid=643155923

Links are provided in the cite notes/references.

I like 2fa, but only of the yubikey type. I really don't want to use Google authenticator.

user name and password, with 2fa (or email confirmation) for critical events, such as change email, change address, manual withdrawals and change of perks/donations

Yes, yahoo started to deteriorate all over in the first half of last year, I thought they were circling the drain, but all of a sudden, things started working right again. I maybe only get 1 in 3 mails sent to my old yahoo mail accounts though.

Voted!

I would really like to use google authenticator, dont know why it was not implemented already..

OpenID

I prefer to use BTC payment address as username. Site should be publicly open.
Security can't get better than this. There's no password to hack - you mine on your BTC address, period.

And the side benefit is, you don't have to create accounts on numerous pools, remember them all and also worry about getting one of them hacked.

Name and password

Name and password + second factor (Google auth, Yubikey, etc)
I like authy but that's a personal pref. I like having the second security layer.

User + Password + 2FA, and the site should have "remember this user+password" so I will actually type only the 2FA.

Name and Password

I'd personally use Google auth if possible (and passwords with capital and numbers).

Yes, that'd be great!

Android app:
https://play.google.com/store/apps/details?id=net.vrallev.android.sqrl

Thank you

As a user I find OpenID very quick and convenient.

As someone running a website, OpenID for the most part works fine. I don't need to store password hashes. I also don't have to deal with lost password issues, but on the other hand of course there are people who got banned from Google or otherwise lost access to their OpenID account who need help.

Over the 3.5 years there have been some negative experiences:

Some people write me angry notes saying I am trying to force them to register at Google and Yahoo to help the NSA and big corporations spy on them.

myopenid.net shut down with 6 months notice. Most people switched in time and it wasn't so bad. Only about 5 people didn't, and needed help to recover access to their Bitminter account.

A korean OpenID identity provider whose name I forget suddenly shut down (without notice as far as I know). Their entire website was replaced by a single page with text in korean saying something like "thanks for the good times. we shut down now. goodbye." If I recall correctly the text was an image too, so it was more difficult to get it translated with Google translate.

Blogger/blogspot has always been very unreliable. Their OpenID server is down half the time. There is no customer support available in any fashion. I didn't want to remove them from the login page because some users are using them and it will make it more difficult for them to log in without the blogspot button. Instead I put a warning not to use blogger/blogspot.

A few sites use OpenID implementations that apparently don't work well with the one I use, so you can't log in using those sites.

Yahoo OpenID was unstable for a while, maybe an hour of downtime per week. Then they crashed hard and their OpenID server was down for 3-4 days. I believe Yahoo mail was down at the same time. This came as a surprise as I had not expected Yahoo to be this unstable and take that long to fix their broken servers. Probably close to 1000 active Bitminter users were locked out of their accounts because of this. Too many to do manual account recovery for them all. I started working on an automated process, but then Yahoo finally got their act together and fixed the problem. Some users blamed me and left the pool. While it is not my fault that Yahoo is unreliable, it is my fault that I chose to rely on external services.

The latest problem now is that Google will not just be implementing the new OpenID Connect. They will also shut down the old OpenID 2.0 servers. So now all websites have to change their software if they want to keep Google logins. OpenID Connect is the new version of OpenID.

I prefer the convenience of Google login. I set the payout threshold such that it wouldn't be that big a deal even if it was hacked so it's sufficiently secure for me as is.

I do not like the payout address as user method as without an actual account it doesn't feel like I belong to anything.  It would also make perks very difficult to implement.

Aaron

user name + password

bitcoin wallet!
facebook? google? are u grazy!!!

I had forgotten about this. It looks very interesting and much more secure than other 2FA solutions. But are there mobile apps implementing this? Are any sites using it? Are people willing to scan a QR code every time they need to log in?

The problem with many other 2FA solutions:

Most 2FA solutions give you a one-time password on a separate device that you then type into your computer. There is a belief by a lot of users that this makes hacking impossible.

Let's review this. In many cases if you get hacked it's because someone (through a trojan or other malware) took over control of your computer. They are now looking at you through your camera, listening to you through your microphone, taking screenshots of your desktop to see what you are doing.. and they are recording every keystroke you make. When you type your one-time passwords into a compromised computer like this, you are essentially giving them to the hacker.

I wish more people would accept that..

• A one-time password/code typed into a compromised computer won't save you
• A compromised computer can become yours again, but you need to reformat your drive and reinstall the operating system from a clean source

Although if the hacker installed malware on the firmware of your laptop battery then you may wish to just burn the computer.

user/pass and CHOICE of second factor, google auth, SMS etc.

Google authentication is an algorithm btw and has been independently implemented, no need to trust google. You can pick up an old windows mobile device for $10 or less, put auth software on it, use it as entirely offline hardware key, etc.

Voted for the OPENID, but i'm all good with login/pass + second factor (SMS)

Thanks Doc !

I prefer OpenID with Google.  I have Google set up to provide an SMS 2FA, if I am logging in from s new device.  This is quite convenient as I log in on multiple devices (iPhone, iPad and desktop) multiple times per day.  All of my devices are heavily secured as well.

Can't believe FB is listed as an option.....that's a joke right? 

Username+Password+2 way factor google authenticator

i prefer my payout address + phone authentication 

The OpenID Connect, just seems to be Google+, I still don't like Google+.

Better question.

As someone who runs a pool, and has done a damn good job doing so, which do you prefer?

I like the open ID for most things due to it being fast and easy, however a password/txt msg code/ or some other thing would be good for the changing of settings/sending payments.

I prefer using my payout address. 2FA with UN and PW is not a bad way, payout address just seems easier for everyone.

Google open id is the quickest. It saves me time logging in...I log-in multiple times per day. Email log-in would also be ok. I do use authy. Have you considered sqrl login technology? see below:

https://www.grc.com/sqrl/sqrl.htm

Either two factor or Google auth.

I have a strong dislike of "just use your wallet address" pools - I trust it a bit more when I have an actual account.

Payoutadress as Name & Password, i think.
I don't get Facebook (never!) just for login.

NB: Gummibären für immer ;-), und Schnecken natürlich.

ID/Password with Second factor with a text code sent to my cell phone.

I run my own p2pool node, so there is no need for a login.  However, if I were to run a more conventional pool, I would certainly want to have a username/password in conjunction with 2fa.

How would you prefer to log in at your mining pool's website?

Please take part in the poll above.